Protection Against Form Modification

Explore techniques to safeguard your Ruby on Rails applications against form modification by testing access controls. Understand how to design tests that verify whether users can create or modify tasks based on their permissions, using request specs to handle non-UI based malicious requests. This lesson helps you apply security testing to ensure that only authorized users can submit forms, enhancing the robustness of your Rails app.

We'll cover the following...

Preventing form modification
Issues
Design decisions
Request tests

Preventing form modification

There is at least one blind spot in the user and role protection. The project show page has a form that submits a new task. That form is submitted to the TasksController, which doesn’t handle any user-access control. The use case here is a malicious user not going through the web UI but rather creating his own HTTP request and pointing it at the server.

Issues

There are two important issues here, at least from our perspective as Rails Testing Author. First is the habit of noticing when we’re using a resource that’s being accessed as a result of a user request instead of being ...

1.Introduction

2.Test-Driven Fable

3.Test-Driven Development Basics

4.Test-Driven Rails

Project

5.What Makes a Great Test?

6.Testing Models

7.Adding Data to Tests

8.Using Test Doubles as Mocks and Stubs

9.Integration Testing with Capybara and Cucumber

10.Testing JavaScript: Integration Testing

11.Unit-Testing Javascript

12.Testing Rails Display Elements

13.Minitest

14.Testing for Security

15.Testing External Services

16.Troubleshooting and Debugging

17.Running Tests Faster and Running Faster Tests

18.Testing Legacy Code

Protection Against Form Modification

Preventing form modification

Issues